From Information Security to Information Assurance, The Game has changed …Should Players too?

October 6, 2010

What started as computer security, morphed into information security, and is now being called “information assurance.” This includes the managing of all risks related to the use, processing, storage, and transmission of data, the systems and processes involved, and information in digital, analog, and physical forms. So, the game has changed in scope, scale, and complexity. But can a CIO truly delegate all this to his/her CISO and stop worrying?

Contributors

David Stanowick is presently the VP and Chief Information Security Officer for Alliance Data, where he has responsibility for Information Security, and Governance over the outsourced IT functions. Previously David managed Information Security and Business Continuity functions at Florida Power & Light and KeyCorp National Bank. David has over 25 years of experience with technology risk management, and is well connected with peers in other industries. David is a Certified Information Systems Security Professional (CISSP) and works primarily at the corporate headquarters in Plano, Texas.

Currently, Rafael is Chief Information Security Officer for the State of Illinois at the Department of Central Management Services (CMS). During his tenure as CISO, the State implemented the first state-wide security strategy - “Secure Illinois.” One component included the rollout of a state-wide security policy program. A consequence of this program was the development of a comprehensive Risk Management Framework for state IT operations. Another component of the strategy is the building of a comprehensive operational controls framework – “Cyber Security Maturity Assessment Model” – that includes NIST, PCI, HIPAA, and other regulatory principles. In an effort to coalesce the security requirements of the various disparate agencies in the State, we formed the State-wide Security Consortium (SWSC). This body works to shape policy, define operational controls, improve data security, and enhance cyber security awareness.
As CISO, Rafael has led the planning teams that participated in two Cyber Storm National Exercises – CSII and CSIII. These critical efforts allowed Illinois to exercise its communications and information sharing procedures with various levels of emergency management, law enforcement and information technology organizations across the country to ensure a coordinated and thorough response for the future.
Rafael came to CMS to assume the role of Enterprise Business Applications and Services Executive. After seven months, he was promoted to Chief Information Officer for CMS and continued the IT consolidation and rationalization efforts. Formerly the Chief Information Officer for the Department of Human Services, he ushered in an integration effort for social services management – across all social services agencies in Illinois.
Rafael served for seven years in professional and managerial positions at Accenture, formerly known as Andersen Consulting. His professional career began with the Chicago Police Department as a forensic scientist.